Please sign in to comment.
TROVE-2017-005: Fix assertion failure in connection_edge_process_rela…
…y_cell On an hidden service rendezvous circuit, a BEGIN_DIR could be sent (maliciously) which would trigger a tor_assert() because connection_edge_process_relay_cell() thought that the circuit is an or_circuit_t but is an origin circuit in reality. Fixes #22494 Reported-by: Roger Dingledine <email@example.com> Signed-off-by: David Goulet <firstname.lastname@example.org>
- Loading branch information...
Showing with 9 additions and 1 deletion.
|@@ -0,0 +1,7 @@|
|o Major bugfixes (hidden service, relay, security):|
|- Fix an assertion failure caused by receiving a BEGIN_DIR cell on|
|a hidden service rendezvous circuit. Fixes bug 22494, tracked as|
|TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. Found|